Planning the Risk Management File Audit

This is a strategy to help prepare for a risk management file (RMF) audit. It incorporates requirements from the international standard ISO 14971:2007 as well as the EU version EN ISO 14971:2012 applied to the Medical Device Directive (MDD), as outlined in Annex ZA.

Clauses from the standard are in square brackets. Information specific to the EU version is shown in braces.

Abbreviations:
- QMS: Quality Management System
- RMF: Risk Management File
- RMS: Risk Management System

1. Select a product that is on the market and has had sufficient time to generate post-production information.

- The audited file should have enough information to verify the requirements of the standard. This means the design project is complete, the device is in production, and devices have been shipped.

Note: Selecting an appropriate RMF is a balance between a product that is recent enough to have relevant design information and mature enough to have market experience data.

2. Review the risk management procedures for existence and correct approval.

- The procedures document the manufacturer's risk management process [3.1].
- Verify that the process includes risk analysis, risk evaluation, risk control, production information, and post-production information.
- The procedure should provide the means to implement the risk management standard using the company's own approaches and methods. As such, it should not copy the text from the standard, but include specific methods to carry out an activity or a process [2.12].
- Use the procedure in parallel with ISO 14971:2007 {EN ISO 14971:2012} to verify an effective RMS [2.22].

3. Top management [2.26] defined and documented its policy for determining the criteria for risk acceptability [3.2].

- The policy should be written and under appropriate document control.
- The documented policy should base the risk acceptability criteria on national or regional regulations and on relevant international standards. It should also account for the accepted state of the art [D.4] (see footnote 1) and any stakeholder concerns.
- The criteria for risk acceptability could be a stand-alone document or incorporated into the Quality Policy required by the QMS.

Footnote 1: State of the art means currently and generally accepted good practice. It could be determined by: standards used for the same or similar devices; best practices as used in other devices of the same or similar type; or results of accepted scientific research. State of the art does not necessarily mean the most technologically advanced solution.

4. Verify that top management [2.26] ensures the assignment of qualified personnel [3.3] for risk management.

- This step may involve a sampling plan.
- The standard requires maintenance of appropriate qualification records [3.3]. Verify the record's existence and content.
- Determine the identity of employees assigned to the project, at any element or phase, and verify that the records show competency.
- Competence includes [3.3]:
  o knowledge and experience with the device and its use,
  o knowledge and experience with the technology involved, or
  o knowledge and experience of risk management techniques.

5. Review the Risk Management Plan [3.4]

- The RMF contains a written risk management plan with appropriate approvals.
- If the risk management plan has been revised, the revisions should be noted and approved.
- Verify that the plan covers the required elements of 3.4.a to 3.4.f.
- Verify that the plan assigns responsibility for review and the risk management report; see 3.4.b.
- Verify that the criteria for risk acceptability link to and implement Top Management's policy for determining criteria for risk acceptability; see 3.4.d.
- If the manufacturer's risk management procedure requires additional elements in the plan, verify they have been included.

Note: ISO 14971:2007, 3.4.d requires at least two criteria for risk acceptability. One is for risk and residual risk resulting from hazardous situations while the other is for overall residual risk. Commonly, the criteria are not the same.

6. Risk analysis process [4.1]

The RMF documents the following elements:
- A description and identification of the medical device that was analyzed
- Identification of the people and organization who carried out the risk analysis
- The scope and date of the risk analysis

7. Intended Use and Characteristics [4.2]

The RMF documents the following elements:
- The intended use of the device
- Any reasonably foreseeable misuse of the device
- The characteristics that could affect the safety of the medical device
  o The characteristics could be qualitative or quantitative
  o The characteristics should have defined limits, where appropriate

Note 1: For an RMS coupled with a QMS, verify the intended use of the device is the same in both systems, i.e., 21 CFR 820.30(c) Design input and ISO 13485:2003 7.2.3.a.

Note 2: A common approach uses ISO 14971:2007 Annex C as the basis for the safety characteristics.

Note 3: For Usability Engineering considerations, a common approach also uses IEC 62366:2007 Annex E for safety characteristics.

Note 4: IEC 62366:2007 is replaced by IEC 62366-1:2015.

8. Traceability of Identified Hazards [3.5]

- Select some identified hazards using an appropriate sampling plan. They should be representative of the kinds of hazards associated with the device and should be chosen at random. The number depends on the extent of the audit and the capacity available. The sampling plan is typically a convenience sample rather than one based on statistical methodology.
- For each identified hazard, determine that it is traceable to the risk analysis, the risk evaluation, the implementation of the risk control measures, the verification of the risk control measures, and the assessment of the acceptability of any residual risk.
- For each of these traceability elements, ensure the risk management file demonstrates conformance with both ISO 14971:2007 {EN ISO 14971:2012} and the manufacturer's procedures.

9. Hazard Identification [4.3]

- The RMF has documentation on known and foreseeable hazards in both normal and fault conditions.
- Each of these identified hazards is subject to traceability.

Note: It would be best if the documentation classified the hazards using the dimensions known/foreseeable and normal/fault.

10. Risk Estimation [4.4]

- The RMF records the system used for qualitative or quantitative categorization of probability of occurrence of harm or severity of harm.
- The RMF records hazardous situations resulting from reasonably foreseeable sequences or combinations of events.
- The RMF identifies the harm associated with each hazardous situation.
- There is a risk estimate for each identified hazardous situation.
- The risk estimate uses the documented system for the probability of occurrence of harm and the severity of harm.
- Identify any hazardous situations for which the probability of the occurrence of harm cannot be estimated. In these cases, the RMF lists the possible consequences.

11. Risk Evaluation [5]

- The RMF contains an evaluation of the need for risk reduction for each hazardous situation.
- The evaluation uses the criteria defined in the Risk Management Plan; see ISO 14971:2007, 3.4.d.
- The RMF identifies any application of relevant standards as part of the device design criteria to meet the risk reduction requirements.

Note: If there are relevant standards used, trace to the documentation that supports their use. This could include test reports, inspection reports, and implementation verification from ISO 14971:2007, 6.3.

{For EN ISO 14971:2012 there is a need for risk reduction in all cases, regardless of the criteria in the Risk Management Plan.}

12. Risk Control Options [6.2]

- The RMF records the risk control measures to reduce the risk to an acceptable level.
- The risk control measures use the risk control options of 6.2 in priority order.
  o {EN ISO 14971:2012 changes the first risk control option from "inherent safety by design" to "inherently safe design and construction."}
  o {EN ISO 14971:2012 requires application of all risk control measures even if the first or second option reduced the risk to an acceptable level.}
- If the required risk control options are not practicable, there is a documented risk/benefit analysis of the residual risk.
13. Implementation of the Risk Control Measures [6.3]

- The RMF contains a record of the implementation verification of each risk control measure.
- The RMF contains a record of the effectiveness verification of each risk control measure.
- The verifications use the activities defined in the risk management plan.

14. Residual Risk Evaluation [6.4]

- The RMF contains a record of the evaluation of any residual risk remaining after application of the risk control measures.
- The evaluation uses the criteria defined in the Risk Management Plan; see ISO 14971:2007, 3.4.d.
- For acceptable residual risks, the RMF contains a decision on which residual risk to disclose.
- For acceptable residual risks, the RMF describes or points to the information in the accompanying documents to disclose the residual risks.

Note: During the audit, trace forward to the accompanying documents to verify they contain the information to disclose the residual risks.

{For EN ISO 14971:2012, disclose any residual risk for each individual risk.}

15. Risk/benefit analysis [6.5]

- The RMF contains a record of the evaluation of any residual risk remaining after application of the risk control measures.
- For unacceptable residual risks, where further risk control is not practicable, the RMF contains a risk/benefit analysis.
- For residual risks that are demonstrated to be outweighed by the benefits, the RMF contains a decision on which residual risk to disclose.
- For residual risks that are not demonstrated to be outweighed by the benefits, the RMF contains an acknowledgement that the risk remains unacceptable.

Note: ISO 14971:2007 says, "For risks that are demonstrated to be outweighed by the benefits, the manufacturer shall decide which information for safety is necessary to disclose the residual risk." However, this is a mistake since information for safety does not disclose residual risk.

{For EN ISO 14971:2012, there is a risk/benefit report for each individual risk.}
16. Risks Arising from Risk Control Measures [6.6]

- The RMF contains evidence of review of the risk control measures to determine if they introduced any new hazards or hazardous situations.
- The RMF contains evidence of review of the risk control measures to determine if they affect the estimated risk of previously identified hazardous situations.

17. Completeness of Risk Control [6.7]

- The RMF contains evidence that the risks from all hazardous situations are considered.
- Check all hazardous situations to verify evaluation of the residual risk:
  a) the residual risk is acceptable, or
  b) the residual risk is unacceptable and there is a risk/benefit analysis
- For every risk/benefit analysis, either:
  b1) the benefit outweighs the risk, or
  b2) the benefit does not outweigh the risk
- In case b2), determine how the manufacturer handled the situation, since, by the initial RMF selection, the device is on the market.

18. Evaluation of Overall Residual Risk Acceptability [7]

- The RMF contains an evaluation of the overall residual risk posed by the medical device.
- The evaluation uses the criteria defined in the Risk Management Plan; see ISO 14971:2007, 3.4.d.
- For acceptable overall residual risk, the RMF contains a decision on which information is necessary to disclose overall residual risk.
- For acceptable overall residual risks, the RMF describes or points to the information in the accompanying documents to disclose the residual risks.
- For unacceptable overall residual risks, the RMF contains a risk/benefit analysis.
- For overall residual risks that are demonstrated to be outweighed by the benefits, the RMF contains a decision that the overall residual risk is acceptable.
- For risks that are not demonstrated to be outweighed by the benefits, the RMF contains an acknowledgement that the risk remains unacceptable.

Note: During the audit, trace forward to the accompanying documents to verify they contain the information to disclose the overall residual risk.

{For EN ISO 14971:2012, disclose the overall residual risk.}
19. Review the Risk Management Report [8]

- The manufacturer assigned the responsibility to review the risk management process to persons having the appropriate authority as defined in the Risk Management Plan, ISO 14971:2007, 3.4.b.
- The RMF records the results of the review in the Risk Management Report.
- Verify that the report covers the required elements:
  o the risk management plan has been appropriately implemented
  o the overall residual risk is acceptable
  o appropriate methods are in place to obtain relevant production and post-production information

20. Production Information Collection and Review [9]

- The RMF records that the manufacturer established, documented, and maintains a system to collect and review production information.
- For a company with an associated QMS, verify the system satisfies 21 CFR 820.100(a)(1) or ISO 13485:2003, 8.2 and 8.4.
- Using the production information collection system, determine a sampling plan for data and records related to production information. For each identified production information data source, sample an appropriate number of records and trace them to the review process.
  o The sampling plan should include the results of validated processes, especially when process validation is used as a protective measure in the manufacturing process [ISO 14971:2007, 6.2.b].
  o The sampling plan should include the results of control and disposition of nonconforming product, especially when the nonconformance may relate to risk control measures [ISO 14971:2007, 6.2.b].
- The RMF records that the manufacturer evaluated the production information for possible relevance to safety, including:
  o Previously unrecognized hazards
  o Previously unrecognized hazardous situations
  o Unacceptable risk from a previously recognized hazardous situation
- The RMF records that if any of the above conditions exist, the manufacturer:
  o Evaluated the impact on previous risk management activities
  o Reviewed the risk management file for changes to residual risk or acceptability

21. Post-production Information Collection and Review [9]

- The RMF records that the manufacturer established, documented, and maintains a system to collect and review post-production information.
- For a company with an associated QMS, verify the system satisfies 21 CFR 820.100(a)(1) or ISO 13485:2003, 8.2 and 8.4.
- Using the post-production information collection system, determine a sampling plan for data and records related to post-production information. For each identified production information data source, sample an appropriate number of records and trace them to the review process.
  o The sampling plan should include the results of complaints.
  o The sampling plan should include the results of regulatory agency activities such as FDA's TPLC reports.
- The RMF records that the manufacturer evaluated the post-production information for possible relevance to safety, including:
  o Previously unrecognized hazards
  o Previously unrecognized hazardous situations
  o Unacceptable risk from previously recognized hazardous situation
- The RMF records that if any of the above conditions exist, the manufacturer:
  o Evaluated the impact on previous risk management activities
  o Reviewed the risk management file for changes to residual risk or acceptability